summaryrefslogtreecommitdiff
path: root/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8.xml
diff options
context:
space:
mode:
Diffstat (limited to 'Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8.xml')
-rw-r--r--Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8.xml297
1 files changed, 297 insertions, 0 deletions
diff --git a/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8.xml b/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8.xml
new file mode 100644
index 00000000..d064e03b
--- /dev/null
+++ b/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8.xml
@@ -0,0 +1,297 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+
+<refentry id='pam_succeed_if'>
+<!-- Copyright 2003, 2004 Red Hat, Inc. -->
+<!-- Written by Nalin Dahyabhai &lt;nalin@redhat.com&gt; -->
+
+ <refmeta>
+ <refentrytitle>pam_succeed_if</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class='sectdesc'>Linux-PAM</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id='pam_succeed_if-name'>
+ <refname>pam_succeed_if</refname>
+ <refpurpose>test account characteristics</refpurpose>
+ </refnamediv>
+
+
+ <refsynopsisdiv>
+ <cmdsynopsis id='pam_succeed_if-cmdsynopsis'>
+ <command>pam_succeed_if.so</command>
+ <arg choice='opt' rep='repeat'><replaceable>flag</replaceable></arg>
+ <arg choice='opt' rep='repeat'><replaceable>condition</replaceable></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+
+ <refsect1 id='pam_succeed_if-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ pam_succeed_if.so is designed to succeed or fail authentication
+ based on characteristics of the account belonging to the user being
+ authenticated. One use is to select whether to load other modules based
+ on this test.
+ </para>
+
+ <para>
+ The module should be given one or more conditions as module arguments,
+ and authentication will succeed only if all of the conditions are met.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_succeed_if-options">
+ <title>OPTIONS</title>
+ <para>
+ The following <emphasis>flag</emphasis>s are supported:
+ </para>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>debug</option></term>
+ <listitem>
+ <para>Turns on debugging messages sent to syslog.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>use_uid</option></term>
+ <listitem>
+ <para>
+ Evaluate conditions using the account of the user whose UID
+ the application is running under instead of the user being
+ authenticated.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>quiet</option></term>
+ <listitem>
+ <para>Don't log failure or success to the system log.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>quiet_fail</option></term>
+ <listitem>
+ <para>
+ Don't log failure to the system log.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>quiet_success</option></term>
+ <listitem>
+ <para>
+ Don't log success to the system log.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>
+ <emphasis>Condition</emphasis>s are three words: a field, a test,
+ and a value to test for.
+ </para>
+ <para>
+ Available fields are <emphasis>user</emphasis>,
+ <emphasis>uid</emphasis>, <emphasis>gid</emphasis>,
+ <emphasis>shell</emphasis>, <emphasis>home</emphasis>
+ and <emphasis>service</emphasis>:
+ </para>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>field &lt; number</option></term>
+ <listitem>
+ <para>Field has a value numerically less than number.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>field &lt;= number</option></term>
+ <listitem>
+ <para>
+ Field has a value numerically less than or equal to number.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>field eq number</option></term>
+ <listitem>
+ <para>
+ Field has a value numerically equal to number.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>field &gt;= number</option></term>
+ <listitem>
+ <para>
+ Field has a value numerically greater than or equal to number.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>field &gt; number</option></term>
+ <listitem>
+ <para>
+ Field has a value numerically greater than number.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>field ne number</option></term>
+ <listitem>
+ <para>
+ Field has a value numerically different from number.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>field = string</option></term>
+ <listitem>
+ <para>
+ Field exactly matches the given string.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>field != string</option></term>
+ <listitem>
+ <para>
+ Field does not match the given string.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>field =~ glob</option></term>
+ <listitem>
+ <para>Field matches the given glob.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>field !~ glob</option></term>
+ <listitem>
+ <para>Field does not match the given glob.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>field in item:item:...</option></term>
+ <listitem>
+ <para>Field is contained in the list of items separated by colons.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>field notin item:item:...</option></term>
+ <listitem>
+ <para>Field is not contained in the list of items separated by colons.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>user ingroup group</option></term>
+ <listitem>
+ <para>User is in given group.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>user notingroup group</option></term>
+ <listitem>
+ <para>User is not in given group.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>user innetgr netgroup</option></term>
+ <listitem>
+ <para>(user,host) is in given netgroup.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>user notinnetgr group</option></term>
+ <listitem>
+ <para>(user,host) is not in given netgroup.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_succeed_if-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ All services are supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_succeed_if-return_values'>
+ <title>RETURN VALUES</title>
+ <variablelist>
+
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The condition was true.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>
+ The condition was false.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_SERVICE_ERR</term>
+ <listitem>
+ <para>
+ A service error occured or the arguments can't be
+ parsed as numbers.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+
+ <refsect1 id='pam_succeed_if-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ To emulate the behaviour of <emphasis>pam_wheel</emphasis>, except
+ there is no fallback to group 0:
+ </para>
+ <programlisting>
+auth required pam_succeed_if.so quiet user ingroup wheel
+ </programlisting>
+
+ <para>
+ Given that the type matches, only loads the othermodule rule if
+ the UID is over 500. Adjust the number after default to skip
+ several rules.
+ </para>
+ <programlisting>
+type [default=1 success=ignore] pam_succeed_if.so quiet uid &gt; 500
+type required othermodule.so arguments...
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id='pam_succeed_if-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>glob</refentrytitle><manvolnum>7</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_succeed_if-author'>
+ <title>AUTHOR</title>
+ <para>Nalin Dahyabhai &lt;nalin@redhat.com&gt;</para>
+ </refsect1>
+</refentry>